mirror of https://github.com/mozilla/treeherder.git
d9de41bf4b
The latest policy used in the report-only header has been working well on production (the violation reports logged to New Relic are only from scripts injected by browser addons), so we're ready to start enforcing the policy by using the real `Content-Security-Policy` header name. NB: When features are added in the future, PR authors and reviewers will need to remember to update the policy if needed (for example to add domains to the `connect-src` directive). The CSP header is not enabled when using `webpack-dev-server` (it would break dev source maps and react-hot-loader) so if in doubt test locally (using `yarn build` and serving via Django runserver) or on prototype first. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy |
||
---|---|---|
.. | ||
admin.md | ||
backend_tasks.md | ||
code_style.md | ||
common_tasks.md | ||
data_validation.md | ||
index.md | ||
installation.md | ||
pulseload.md | ||
rest_api.md | ||
retrieving_data.md | ||
seta.md | ||
submitting_data.md | ||
testcases.md | ||
troubleshooting.md |